The cybercriminals even spoofed the email address to make it look more legitimate

Mar 26, 2012 14:57 GMT  ·  By

A few days back AlienVault researchers reported that cybercriminals were launching spearphishing attacks that targeted Tibetan activist organizations. After the story was published, the Chinese hackers changed their tactics and used AlienVault’s research to enhance the success of their campaign.

“We recently detected several targeted attacks against Tibetan activist organizations including the Central Tibet Administration and International Campaign for Tibet, among others. Here is one of the emails detected: [ More information ]” reads the malicious email that allegedly comes from AlienVault.

Experts inform that in reality, the More information link leads to a site that hosts a copy of the company’s blog post, along with a JavaScript which ultimately leads to a payload identified by AVG as BackDoor.Generic15.VKZ.

Furthermore, the attackers even spoofed the sender’s email address to make it appear as if the notifications are originating from [email protected].

Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile.